SonicSpy – new malware that affected more than 1,000 Android apps

Android users should remain vigilant and be aware of a new variant of Android virus that has affected over 1,000 apps. At least three of them were available on Google Play Store and was promoted as messaging apps. Fortunately, Google removed them. However, experts expect to see malware again pretending to be another app.

A few examples of malware were noticed in February 2017. Google removed them from Store; however, several more hazardous apps were still left until this day. Recently, mobile security company Lookout discovered three fake messaging apps on Google Play Store that contained SonicSpy:

Soniac,

Hulk Messenger,

TroyChat apps.

Surprisingly, all of them offered messaging services. But it was not its primary task. These programs were designed to collect and transfer sensitive data to the cyber criminals.

Malware works as a spying tool

SonicSpy has 73 unique remote features that allow spying on users. It can record phone calls, capture audio or video clips, take pictures with a camera, access contact list, Wi-Fi information and most importantly, steal sensitive data.

When a user downloads one of the malicious apps, malware hides itself and connects to its Command and Control (C&C) server to start malicious activities.

The analysis of the virus revealed that malware might be related to another Android virus – SpyNote. This cyber threat was detected last summer, in July 2016, spreading as a fake Netflix app.

It is believed that SonicSpy, as well as SpyNote, might be created by an Iraq-based hacker. Even the developer of malicious apps on Google Play Store was called “iraqiwebservice.”

Tips to avoid Android spyware and malware

Nevertheless, apps that were spreading SonicSpy on the official app store were removed; there’s still a chance that some malicious apps were not detected yet. What is more, the hacker can create a new developer account and publish new variants of malicious apps.

Besides, numerous other variants of Android ransomware or malware might be disguised under the names of other apps in the official and unofficial stores. Therefore, you should be careful with installed applications and always follow these mobile security tips:

Download apps only from official Google Play Store;

Check the information about developers and rely only on trusted companies;